Smart lock on front door

Can Smart Locks Be Hacked?

More than ever today, people are moving away from traditional key locks and installing smart locks on their doors. These electronic locks, which allow users to lock, unlock and monitor their doors remotely using Bluetooth, Wi-Fi or both, offer convenience and some security benefits with which key locks can’t compete.

The issue that makes some people hesitate, however, is the lingering question they present: Can smart locks be hacked?

The unfortunate answer to that question is yes. Anytime you have a device that works over the internet, the threat is there, and researchers have found security flaws in popular smart locks that make them susceptible to hackers.

So, does that mean you should keep your keys for now? Not necessarily. Here’s what you need to know about smart lock security to decide whether it’s right for you, as well as how to ensure it’s as safe as possible.

Ways smart locks can be hacked

The ways in which traditional key locks can be compromised are pretty straightforward. Thieves can pick, smash or otherwise destroy the locks to gain entry. If you leave your keys hidden in the yard or have multiple keys floating around, criminals could find them and let themselves right in.

With smart locks, you eliminate the vulnerability of physical keys, but you also open the door to hackers, so to speak. Here’s how:

  • Password hijacking: Just like with all password-protected services and devices, anyone with the password can access it. If your smart lock system password isn’t strong, you make a hacker’s job easier to guess and use it. Once a hacker figures out your password, they have control over your door.
  • Manufacturer vulnerabilities: Over the years, there have been cases in which manufacturer flaws and oversights have been shown to provide easy access to customers’ homes via smart locks. These include things such as storing customer passwords in plain text (i.e. making them easy for anyone who accesses their system to read and steal) and failing to include sufficient software to prevent other methods hackers use, such as decompiling APK (Android Package Kit) files, device spoofing (essentially device identity theft) and replay attacks (akin to digital eavesdropping). Without the right protections in place, hackers could be able to access your account and potentially your home.
  • Phone theft: Because smart locks are controlled via an app, if your smartphone is stolen, criminals may then be able to open the app and unlock your home. Know that some smart locks open if the phone is detected nearby (even if the phone is locked), so if a thief has your phone and shows up on your doorstep, it could automatically open and grant them access.
  • Lock removal: Just like with traditional locks, thieves with tools can physically tamper with, remove and destroy smart locks all together.

How to prevent hacking for your smart lock

There are some ways to lower the risk of a smart lock getting hacked:

  • Protect your password: Choose a unique password for each of your smart locks that isn’t easy to guess (1234, anyone?). Once you choose them, make sure to change them frequently and don’t give them to anyone you don’t implicitly trust.
  • Update software frequently: Manufacturers are constantly trying to outsmart criminals and will frequently release software updates. Always download them as soon as they’re available.
  • Consider an alternative electronic lock: While all smart locks are electric, there are electric locks that aren’t smart—meaning they don’t operate over Bluetooth or W-Fi. Some operate via a keypad, while others grant access with a key fob or access card. These “dumb” electric locks still provide the convenience of keyless entry, but they eliminate hacking risks.

What should I look for in a smart lock?

If you decide to get a smart lock, there are several factors to consider when choosing the best one for you:

  • Password length: When it comes to passwords, the longer, the better. The smart lock system you’re considering should allow passwords that are at least 16 characters long.
  • Two-factor authentication: Look for smart locks that require two-factor authentication for their products and services. This means they require an additional piece of identifying information beyond just a password, such as a PIN sent via text message.
  • Lost-phone feature: Some smart locks come with a feature that allows you to immediately disable your app and any virtual keys you’ve handed should your phone ever be lost or stolen.
  • Built-in alarm and camera: While it won’t help with hacking, some smart locks have built-in alarms that are designed to scare away criminals who try to disable them. Cameras may also help dissuade criminals who don’t want their face captured on video.
  • Company reputation: While we all want to get the best deal, it’s typically a good idea to go with home security equipment from a company that has a well-established reputation and garners positive customer reviews. Some companies may provide locks at a lower price, but that could mean they’ve skimped on software or other methods that may help thwart hackers.

Will a smart lock keep your home safe?

Can criminals outsmart smart locks? Unfortunately, sometimes the answer is yes.  Fortunately, smart locks are getting smarter and more secure all the time, and there are steps users can take to help make them safer as well.

Really, there are no guarantees with traditional locks either, and choosing between the traditional and key locks is largely a matter of personal preference. A smart lock may be a good choice for those who prefer high-tech home products and like the convenience they offer. They also may be particularly useful for properties that frequently have a variety of people, such as renters, housekeepers and pet sitters, coming and going. You’ll be able to lock or unlock your door remotely or share access, so that others can get in.

In the end, it’s up to each household to weigh the pros and cons of smart locks for themselves. For many, the convenience and additional security smart locks offer outweigh any hacking risks. For those not willing to take the risk of being hacked, traditional key locks are always a good option, and “dumb” electric locks offer the ability to use a passcode for entry.

This article has been reviewed and approved by Officer Banta.

Officer James Banta

Officer Banta is the official SecurityNerd home security and safety expert. A member of the Biloxi Police Department for over 24 years, Officer Banta reviews all articles before lending his stamp of approval. Click here for more information on Officer Banta and the rest of our team.